First published: Mon May 22 2023
CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Codeigniter Codeigniter | <4.3.5 | |
composer/codeigniter4/framework | <4.3.5 | 4.3.5 |
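
To check whether a project is inside the `<4.3.5` range from the table, the sketch below reads a `composer.lock` and classifies the locked `codeigniter4/framework` version. It is an added example, not code from the advisory or from CodeIgniter; the function names and the sample lock file are constructed for illustration.

```python
import json
import re

PACKAGE = "codeigniter4/framework"  # package name from the table above
FIXED = (4, 3, 5)                   # first fixed version per the table above


def parse_version(text):
    """Return (major, minor, patch) for a plain release tag, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        # dev branches, aliases and pre-release tags need manual review
        return None
    return tuple(int(g or 0) for g in m.groups())


def check_lock(lock_text):
    """Classify a composer.lock: 'affected', 'fixed', 'unknown' or 'absent'."""
    lock = json.loads(lock_text)
    # Composer records runtime and dev dependencies in two separate arrays.
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        version = parse_version(pkg.get("version", ""))
        if version is None:
            return "unknown"
        # Tuple comparison avoids string-ordering mistakes such as "4.10" < "4.3".
        return "affected" if version < FIXED else "fixed"
    return "absent"


# Constructed sample lock file (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "codeigniter4/framework", "version": "v4.3.4"},
        {"name": "psr/log", "version": "3.0.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of `unknown` means the lock file pins something other than a plain release tag, so the installed code has to be inspected by hand.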
This vulnerability allows attackers to execute arbitrary code when using Validation Placeholders in CodeIgniter.
CodeIgniter versions up to and including 4.3.5 are affected.
Update CodeIgniter to version 4.3.6 or higher to fix this vulnerability.
You can find more information about this vulnerability on the GitHub security advisory page.
The CWE ID for this vulnerability is 94.